Re: [cobalt-security] Scan detection



Paul,


> Why is it that after SUN'S new "TCP Hardening" patch and the 8+ new
> services running on my box now that when you go to "Action Against Detected
> Scans" and select "Log and Block" you get a message saying "if you enable
> this option you will be open to DOS attacks!"?

IP address spoofing. If someone sends altered TCP packets to your server,
under certain conditions it could block itself off from the rest of the
world, hence a DOS. An example might be to spoof the IP addresses of DNS
servers that serve domains on a web server.

If you need to understand this better, have a look at the following
portsentry guide and scroll down to the section starting "A bit of warning
about indiscriminantly blocking IP addresses because of suspicious scans"...

http://online.securityfocus.com/infocus/1586

Different product, same potential risk. That risk is probably very small,
but the consideration has to be made if you turn on any kind of service that
automatically blocks IP addresses.

--
Regards,
Jonathan Michaelson
Commercial CGI Scripting, Web Hosting
Web-based Email, Homepage Creation and Live Help products
http://www.webumake.com
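
The self-block risk described in the message above, as an added example that is not part of the original post or of any product's code: a scan-response policy that blocks ordinary sources but only logs addresses the server depends on. All addresses (documentation ranges), the threshold and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: addresses this server must never block (assumed values):
# its two DNS servers, its default gateway and loopback.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("192.0.2.53/32", "192.0.2.54/32", "192.0.2.1/32", "127.0.0.0/8")]

# Constructed scan-detector events: (claimed source IP, probed port).
# The source address is whatever the packet header says; it is not verified.
EVENTS = [
    ("203.0.113.7", 23), ("203.0.113.7", 111), ("203.0.113.7", 139),
    ("192.0.2.53", 23), ("192.0.2.53", 111), ("192.0.2.53", 139),  # claims to be a DNS server
    ("198.51.100.9", 80),                                           # one probe, below threshold
]

def decide(events, threshold=3, never_block=NEVER_BLOCK):
    """Map each source that probed >= threshold distinct ports to 'block' or 'log-only'."""
    ports_by_src = {}
    for src, port in events:
        ports_by_src.setdefault(src, set()).add(port)
    decisions = {}
    for src, ports in ports_by_src.items():
        if len(ports) < threshold:
            continue  # not enough evidence of a scan
        addr = ipaddress.ip_address(src)
        protected = any(addr in net for net in never_block)
        # A protected address is still logged for review, never firewalled.
        decisions[src] = "log-only" if protected else "block"
    return decisions

def decide_naive(events, threshold=3):
    """'Log and Block' with no exceptions: every apparent scanner is blocked."""
    return decide(events, threshold, never_block=[])

if __name__ == "__main__":
    print("naive  :", decide_naive(EVENTS))
    print("guarded:", decide(EVENTS))
```

With no exceptions the server would firewall its own DNS server on the strength of an unverified source address; with the protected list the same events produce a log entry instead.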